Referrer Policy: Add new policies to URLRequest.

net/url_request/url_request_job.cc

Index: net/url_request/url_request_job.cc
diff --git a/net/url_request/url_request_job.cc b/net/url_request/url_request_job.cc
index 36101953c6c6c2966cbb29d83b80231d79200868..5b263797b92cddb7f5258307bac0ed7cb9be0c17 100644
--- a/net/url_request/url_request_job.cc
+++ b/net/url_request/url_request_job.cc
@@ -846,14 +846,29 @@ RedirectInfo URLRequestJob::ComputeRedirectInfo(const GURL& location,
         request_->first_party_for_cookies();
   }
 
-  // Suppress the referrer if we're redirecting out of https.
-  if (request_->referrer_policy() ==
-          URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE &&
-      GURL(request_->referrer()).SchemeIsSecure() &&
-      !redirect_info.new_url.SchemeIsSecure()) {
-    redirect_info.new_referrer.clear();
-  } else {
+  // Alter the referrer if we're redirecting out of https or cross-origin.
+  switch (request_->referrer_policy()) {
+    case URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE:

[mmenke, 2014/11/12 15:11:12]

optional:  Suggest using braces on all blocks, for consistency.

+      if (GURL(request_->referrer()).SchemeIsSecure() &&
+          !redirect_info.new_url.SchemeIsSecure())
+        redirect_info.new_referrer.clear();

[mmenke, 2014/11/12 15:11:12]

nit:  Use brace when conditional of an if takes up more than one line.

+      break;

[Ryan Sleevi, 2014/11/13 20:00:33]

BUG?: In the old code, this was unified as a single check. If it failed, it
would fall through to line 856 - that is

redirect_info.new_referrer = request_->referrer();

This new code no longer does that. 

[mmenke, 2014/11/13 20:06:37]

The fact that no test caught that is rather concerning.

[mmenke, 2014/11/13 20:06:37]

The fact that no test caught that is very concerning.

+
+    case URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN: {
+      GURL original_referrer(request_->referrer());

[mmenke, 2014/11/12 15:11:12]

No need for a copy here - can just use const GURL&.

+      if (original_referrer.SchemeIsSecure() &&
+          !redirect_info.new_url.SchemeIsSecure()) {
+        redirect_info.new_referrer.clear();
+      } else if (original_referrer.GetOrigin() !=
+                 redirect_info.new_url.GetOrigin()) {
+        redirect_info.new_referrer = original_referrer.GetOrigin().spec();
+      }
+      break;
+    }
+
+    case URLRequest::NEVER_CLEAR_REFERRER:
     redirect_info.new_referrer = request_->referrer();
+    break;

[mmenke, 2014/11/12 15:11:12]

fix indent

   }
 
   return redirect_info;